baize/convenient/domain/auth/auth.go

package auth

import (
	"git.sxidc.com/go-framework/baize/convenient/domain/auth/jwt_tools"
	"git.sxidc.com/go-framework/baize/convenient/domain/auth/permission"
	"git.sxidc.com/go-framework/baize/convenient/domain/auth/permission_group"
	"git.sxidc.com/go-framework/baize/convenient/domain/auth/relations"
	"git.sxidc.com/go-framework/baize/convenient/domain/auth/role"
	"git.sxidc.com/go-framework/baize/convenient/domain/auth/user"
	"git.sxidc.com/go-framework/baize/framework/binding"
	"git.sxidc.com/go-framework/baize/framework/core/api"
	"git.sxidc.com/go-framework/baize/framework/core/api/request"
	"git.sxidc.com/go-framework/baize/framework/core/api/response"
	"git.sxidc.com/go-framework/baize/framework/core/application"
	"git.sxidc.com/go-framework/baize/framework/core/domain"
	"git.sxidc.com/go-framework/baize/framework/core/domain/entity"
	"git.sxidc.com/go-framework/baize/framework/core/infrastructure"
	"git.sxidc.com/go-framework/baize/framework/core/infrastructure/database"
	"git.sxidc.com/go-framework/baize/framework/core/infrastructure/database/sql"
	"git.sxidc.com/go-tools/utils/encoding"
	"git.sxidc.com/go-tools/utils/strutils"
	"github.com/pkg/errors"
	"net/http"
	"time"
)

// Simple Bind参数
type Simple struct {
	// schema
	Schema string

	// AES加密用到的Key
	AESKey string

	// JWT的Key
	JWTSecretKey string

	// JWT到期时间
	JWTExpiredSec int64

	// 鉴权中间件
	AuthMiddleware binding.Middleware

	// 管理员用户密码
	AdminUserPassword string
}

const (
	adminUserName = "admin"
	adminRoleName = "管理员"
)

var permissionGroups = map[string][][]string{
	"权限管理": {
		{"创建权限", "/permission/create", http.MethodPost},
		{"删除权限", "/permission/delete", http.MethodDelete},
		{"修改权限", "/permission/update", http.MethodPut},
		{"查询权限", "/permission/query", http.MethodGet},
		{"根据ID获取权限", "/permission/get", http.MethodGet},
		{"更新权限的权限组", "/permission/permissionGroup/update", http.MethodPost},
		{"查询权限的权限组", "/permission/permissionGroup/query", http.MethodGet},
	},
	"权限组管理": {
		{"创建权限组", "/permissionGroup/create", http.MethodPost},
		{"删除权限组", "/permissionGroup/delete", http.MethodDelete},
		{"修改权限组", "/permissionGroup/update", http.MethodPut},
		{"查询权限组", "/permissionGroup/query", http.MethodGet},
		{"根据ID获取权限组", "/permissionGroup/get", http.MethodGet},
		{"更新权限组的权限", "/permissionGroup/permission/update", http.MethodPost},
		{"查询权限组的权限", "/permissionGroup/permission/query", http.MethodGet},
		{"更新权限的角色", "/permission/role/update", http.MethodPost},
		{"查询权限的角色", "/permission/role/query", http.MethodGet},
	},
	"角色管理": {
		{"创建角色", "/role/create", http.MethodPost},
		{"删除角色", "/role/delete", http.MethodDelete},
		{"修改角色", "/role/update", http.MethodPut},
		{"查询角色", "/role/query", http.MethodGet},
		{"根据ID获取角色", "/role/get", http.MethodGet},
		{"更新角色的权限", "/role/permission/update", http.MethodPost},
		{"查询角色的权限", "/role/permission/query", http.MethodGet},
		{"更新角色的用户", "/role/user/update", http.MethodPost},
		{"查询角色的用户", "/role/user/query", http.MethodGet},
	},
	"用户管理": {
		{"创建用户", "/user/create", http.MethodPost},
		{"删除用户", "/user/delete", http.MethodDelete},
		{"修改用户", "/user/update", http.MethodPut},
		{"查询用户", "/user/query", http.MethodGet},
		{"根据ID获取用户", "/user/get", http.MethodGet},
		{"更新用户的角色", "/user/role/update", http.MethodPost},
		{"查询用户的角色", "/user/role/query", http.MethodGet},
	},
	"Token管理": {
		{"注销", "/logout", http.MethodPost},
		{"Challenge", "/challenge", http.MethodPost},
	},
}

func (simple *Simple) init(i *infrastructure.Infrastructure) {
	dbExecutor := i.DBExecutor()

	adminUserExist, err := database.CheckExist(dbExecutor, &sql.CheckExistExecuteParams{
		TableName:  domain.TableName(simple.Schema, &user.Entity{}),
		Conditions: sql.NewConditions().Equal(user.ColumnUserName, adminUserName),
	})
	if err != nil {
		panic(err)
	}

	if adminUserExist {
		return
	}

	adminUserID := strutils.SimpleUUID()
	adminRoleID := strutils.SimpleUUID()

	permissionGroupEntities := make([]any, 0)
	permissionEntities := make([]any, 0)
	permissionGroupIDs := make([]string, 0)
	permissionIDs := make([]string, 0)

	for permissionGroupName, permissions := range permissionGroups {
		permissionInGroupIDs := make([]string, 0)

		for _, perm := range permissions {
			permissionID := strutils.SimpleUUID()
			permissionInGroupIDs = append(permissionInGroupIDs, permissionID)
			permissionEntities = append(permissionEntities, permission.Entity{
				Base:         entity.Base{ID: permissionID},
				Name:         perm[0],
				Description:  perm[0],
				Resource:     perm[1],
				Action:       perm[2],
				UserIDFields: entity.UserIDFields{CreateUserID: adminUserID},
			})
		}

		permissionIDs = append(permissionIDs, permissionInGroupIDs...)

		permissionGroupID := strutils.SimpleUUID()
		permissionGroupIDs = append(permissionGroupIDs, permissionGroupID)
		permissionGroupEntities = append(permissionGroupEntities, permission_group.Entity{
			Base:          entity.Base{ID: permissionGroupID},
			Name:          permissionGroupName,
			Description:   permissionGroupName,
			PermissionIDs: permissionInGroupIDs,
			UserIDFields:  entity.UserIDFields{CreateUserID: adminUserID},
		})
	}

	encryptedAdminUserPassword, err := encoding.AESEncrypt(simple.AdminUserPassword, simple.AESKey)
	if err != nil {
		panic(err)
	}

	adminUserEntity := &user.Entity{
		Base:     entity.Base{ID: adminUserID},
		UserName: adminUserName,
		Password: encryptedAdminUserPassword,
		Name:     adminUserName,
		RoleIDs:  []string{adminRoleID},
	}

	adminRoleEntity := &role.Entity{
		Base:          entity.Base{ID: adminRoleID},
		Name:          adminRoleName,
		Description:   adminRoleName,
		UserIDs:       []string{adminUserID},
		PermissionIDs: permissionIDs,
		UserIDFields:  entity.UserIDFields{CreateUserID: adminUserID},
	}

	err = database.Transaction(dbExecutor, func(tx database.Executor) error {
		// 创建权限
		err := database.InsertEntityBatch(tx, domain.TableName(simple.Schema, &permission.Entity{}), permissionEntities)
		if err != nil {
			return err
		}

		// 创建权限组
		err = database.InsertEntityBatch(tx, domain.TableName(simple.Schema, &permission_group.Entity{}), permissionGroupEntities)
		if err != nil {
			return err
		}

		// 创建管理员角色
		err = database.InsertEntity(tx, domain.TableName(simple.Schema, &role.Entity{}), adminRoleEntity)
		if err != nil {
			return err
		}

		// 创建管理员用户
		err = database.InsertEntity(tx, domain.TableName(simple.Schema, &user.Entity{}), adminUserEntity)
		if err != nil {
			return err
		}

		return nil
	})
	if err != nil {
		panic(err)
	}
}

func (simple *Simple) bind(binder *binding.Binder) {
	(&permission.Simple{Schema: simple.Schema, AuthMiddleware: simple.AuthMiddleware}).Bind(binder)
	(&permission_group.Simple{Schema: simple.Schema, AuthMiddleware: simple.AuthMiddleware}).Bind(binder)
	(&role.Simple{Schema: simple.Schema, AuthMiddleware: simple.AuthMiddleware}).Bind(binder)
	(&user.Simple{Schema: simple.Schema, AESKey: simple.AESKey, AuthMiddleware: simple.AuthMiddleware}).Bind(binder)
	(&relations.Simple{Schema: simple.Schema, AuthMiddleware: simple.AuthMiddleware}).Bind(binder)

	// 登录
	binding.PostBind(binder, &binding.SimpleBindItem[map[string]any]{
		Path:             "/login",
		SendResponseFunc: response.SendMapResponse,
		RequestParams:    &LoginJsonBody{},
		ServiceFunc: func(c *api.Context, params request.Params, objects []domain.Object, i *infrastructure.Infrastructure) (map[string]any, error) {
			errResponse := map[string]any{
				"token": "",
			}

			jsonBody, err := request.ToConcrete[*LoginJsonBody](params)
			if err != nil {
				return errResponse, err
			}

			encryptedPassword, err := encoding.AESEncrypt(jsonBody.Password, simple.AESKey)
			if err != nil {
				return errResponse, errors.New(err.Error())
			}

			userTableName := domain.TableName(simple.Schema, &user.Entity{})

			dbExecutor := i.DBExecutor()

			result, err := database.QueryOne(dbExecutor, &sql.QueryOneExecuteParams{
				TableName: userTableName,
				Conditions: sql.NewConditions().
					Equal(user.ColumnUserName, jsonBody.UserName).
					Equal(user.ColumnPassword, encryptedPassword),
			})
			if err != nil {
				if database.IsErrorDBRecordNotExist(err) {
					return errResponse, errors.New("用户名或密码错误")
				}

				return errResponse, errors.New(err.Error())
			}

			existUser := new(user.Entity)
			err = sql.ParseSqlResult(result, existUser)
			if err != nil {
				return errResponse, err
			}

			token, err := jwt_tools.NewJWT(simple.JWTSecretKey, existUser.ID, simple.JWTExpiredSec)
			if err != nil {
				return errResponse, errors.New(err.Error())
			}

			err = database.Update(dbExecutor, &sql.UpdateExecuteParams{
				TableName: userTableName,
				TableRow: sql.NewTableRow().Add(user.ColumnToken, token).
					Add(user.FieldLastLoginTime, time.Now()),
				Conditions: sql.NewConditions().Equal(entity.ColumnID, existUser.ID),
			})
			if err != nil {
				return errResponse, errors.New(err.Error())
			}

			return map[string]any{
				"token": token,
			}, nil
		},
	})

	// 注销
	binding.PostBind(binder, &binding.SimpleBindItem[any]{
		Path:             "/logout",
		SendResponseFunc: response.SendMsgResponse,
		ServiceFunc: func(c *api.Context, params request.Params, objects []domain.Object, i *infrastructure.Infrastructure) (any, error) {
			userInfo := c.GetUserInfo()

			userTableName := domain.TableName(simple.Schema, &user.Entity{})

			dbExecutor := i.DBExecutor()

			err := database.Update(dbExecutor, &sql.UpdateExecuteParams{
				TableName:  userTableName,
				TableRow:   sql.NewTableRow().Add(user.ColumnToken, ""),
				Conditions: sql.NewConditions().Equal(entity.ColumnID, userInfo.GetID()),
			})
			if err != nil {
				return nil, errors.New(err.Error())
			}

			return nil, nil
		},
	}, simple.AuthMiddleware)

	// Challenge
	binding.PostBind(binder, &binding.SimpleBindItem[UserWithRoleInfo]{
		Path:             "/challenge",
		SendResponseFunc: response.SendInfoResponse[UserWithRoleInfo],
		ServiceFunc: func(c *api.Context, params request.Params, objects []domain.Object, i *infrastructure.Infrastructure) (UserWithRoleInfo, error) {
			errInfo := UserWithRoleInfo{
				RoleInfos: make([]role.Info, 0),
			}

			userInfo := c.GetUserInfo()

			userAndRoleTableName := domain.RelationTableName(simple.Schema, &user.Entity{}, &role.Entity{})
			roleTableName := domain.TableName(simple.Schema, &role.Entity{})

			dbExecutor := i.DBExecutor()

			roleIDResults, totalCount, err := database.Query(dbExecutor, &sql.QueryExecuteParams{
				TableName:     userAndRoleTableName,
				SelectColumns: []string{domain.RelationColumnName(&role.Entity{})},
				Conditions:    sql.NewConditions().Equal(domain.RelationColumnName(&user.Entity{}), userInfo.GetID()),
				PageNo:        0,
				PageSize:      0,
			})
			if err != nil {
				return errInfo, errors.New(err.Error())
			}

			if totalCount == 0 {
				return UserWithRoleInfo{
					UserInfo:  *(userInfo.(*user.Info)),
					RoleInfos: make([]role.Info, 0),
				}, nil
			}

			roleIDs := make([]string, len(roleIDResults))
			for index, roleIDResult := range roleIDResults {
				roleIDs[index] = roleIDResult.ColumnValueString(domain.RelationColumnName(&role.Entity{}))
			}

			roleResults, totalCount, err := database.Query(dbExecutor, &sql.QueryExecuteParams{
				TableName:  roleTableName,
				Conditions: sql.NewConditions().In(entity.ColumnID, roleIDs),
				PageNo:     0,
				PageSize:   0,
			})
			if err != nil {
				return errInfo, errors.New(err.Error())
			}

			if totalCount == 0 {
				return UserWithRoleInfo{
					UserInfo:  *(userInfo.(*user.Info)),
					RoleInfos: make([]role.Info, 0),
				}, nil
			}

			roleInfos := make([]role.Info, 0)
			err = sql.ParseSqlResult(roleResults, &roleInfos)
			if err != nil {
				return errInfo, errors.New(err.Error())
			}

			return UserWithRoleInfo{
				UserInfo:  *(userInfo.(*user.Info)),
				RoleInfos: roleInfos,
			}, nil
		},
	}, simple.AuthMiddleware)
}

func BindAuth(app *application.App, simple *Simple) {
	binder := binding.NewBinder(app.ChooseRouter(api.RouterPrefix, ""), app.Infrastructure())

	simple.init(app.Infrastructure())
	simple.bind(binder)
}